In recent years, the amount of operation in embedded systems such as automobile systems has been increasing year by year along with their multifunctionality, and the performance required of the central processing unit (CPU) in such systems is increasing. In the field of personal computers, such an increase in throughput has been dealt with by increasing the number of cores (multicore) of the CPU, which is the operation device. The field of embedded systems is no exception: multicore adoption has progressed in consumer systems where the amount of operation is large and the constraint on the real-time property is relatively loose, such as car navigation systems and cellular phones. As embedded control systems such as automobile control systems become more sophisticated and complicated, it is expected that their amount of operation may exceed the limit of a single core, and thus adoption of multicore has been studied.
Meanwhile, the functional safety standard ISO 26262 (hereinafter referred to as the “functional safety standard”) was formulated in 2011 in order to unify the software quality level in the automobile industry and to facilitate safety verification. This standard specifies a failure rate calculation method, a software design method, and the like for the entire system, including hardware and software. In order for a vehicle control apparatus to conform to this standard, it is necessary to present grounds for ensuring safety. In general, compliance with the standard is achieved by summarizing knowledge and achievements from conventional designs as evidence.
The functional safety standard ISO 26262 requires that interference between pieces of software having different safety requirements be prevented. A general vehicle control apparatus is composed of various control applications, and thus mechanisms that prevent interaction between the pieces of software forming a system, such as a time protection function and a memory protection function, have attracted attention in recent years. For example, a memory protection function prevents software that is running out of control from accessing memory that stores data used by other software and destroying that data.
When the functional safety standard ISO 26262 is applied to a general vehicle control apparatus, it is known that software of various automotive safety integrity levels (ASILs) coexists within the vehicle control apparatus. Thus, in order for existing software to comply with the functional safety standard, a mechanism for preventing interference between pieces of software is required, together with related techniques such as speeding-up of processing, weight reduction, and improvement in reliability.
The following PTL 1 describes exclusive control for a shared resource. In this literature, in order to analyze whether the state of access conflict with respect to the shared resource is normal, the time an analysis target program requires to acquire an access right (lock) for the shared resource (the lock acquisition required time) is measured. A predetermined number of the most recent lock acquisition required times are integrated, and an allowable range for the lock acquisition required time is calculated based on the integrated value. If the latest lock acquisition required time falls within the allowable range, the state of access conflict with respect to the shared resource is judged to be normal.
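
The check described for PTL 1 can be sketched as follows. This is an added example, not code from PTL 1 or from this document. The window size, the rule that the allowable range is the window mean plus or minus a fixed percentage, judging each sample against the window that precedes it, and all identifiers are assumptions, since the text does not say how the range is derived from the integrated value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WINDOW     8   /* assumed "predetermined number" of samples */
#define MARGIN_PCT 50  /* assumed tolerance around the window mean */

typedef struct {
    uint32_t samples[WINDOW]; /* recent lock acquisition times, in timer ticks */
    size_t   count;           /* valid samples, saturates at WINDOW */
    size_t   next;            /* ring-buffer write position */
    uint64_t sum;             /* integrated time over the window */
} lock_monitor;

void lock_monitor_init(lock_monitor *m) { memset(m, 0, sizeof *m); }

/* Store one sample, evicting the oldest once the window is full. */
static void record(lock_monitor *m, uint32_t t)
{
    if (m->count == WINDOW)
        m->sum -= m->samples[m->next];
    else
        m->count++;
    m->samples[m->next] = t;
    m->sum += t;
    m->next = (m->next + 1) % WINDOW;
}

/* Judge the latest acquisition time against the range derived from the
 * window preceding it, then record it (abnormal samples are recorded too).
 * Returns true when the contention state is judged normal. Until the
 * window is full there is no baseline, so samples are accepted. */
bool lock_monitor_check(lock_monitor *m, uint32_t latest)
{
    bool normal = true;
    if (m->count == WINDOW) {
        /* Compare latest with mean*(100 +/- MARGIN_PCT)/100 without
         * dividing: both sides are scaled by WINDOW * 100. */
        uint64_t scaled = (uint64_t)latest * WINDOW * 100;
        normal = scaled >= m->sum * (100 - MARGIN_PCT) &&
                 scaled <= m->sum * (100 + MARGIN_PCT);
    }
    record(m, latest);
    return normal;
}
```

The caller measures the ticks elapsed between requesting and obtaining the lock and passes that value to `lock_monitor_check` after each acquisition.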